The Claims 

1. (Original) One or more computer-readable media having stored 
thereon a computer program that, when executed by one or more processors of a 
node in a co-location facility, causes the one or more processors to perform acts 
including: 

beginning and terminating execution of components on the node in 
response to received commands; and 

restricting which other nodes in the co-location facility components that are 
executing on the node can receive data from and send data to. 

2. (Original) One or more computer-readable media as recited in claim 
1, wherein a plurality of management devices share management responsibility for 
the node, and wherein beginning and terminating execution of components on the 
node is restricted to only one of the plurality of management devices at a time. 

3. (Original) One or more computer-readable media as recited in claim 
1, wherein the restricting comprises: 

checking whether it is permissible to forward received data to its intended 
target; and 

forwarding the received data to its intended target only if it is permissible to 
do so. 

4. (Original) One or more computer-readable media as recited in claim 
3, wherein the intended target comprises another node in the co-location facility. 

5. (Original) One or more computer-readable media as recited in claim 
3, wherein the intended target comprises at least one of the components executing 
on the node. 

6. (Original) One or more computer-readable media as recited in claim 
1, wherein the beginning and terminating execution of components comprises 
beginning and terminating execution of the components based on commands 
received from an operations console at a location remote from the co-location 
facility. 

7. (Original) One or more computer-readable media as recited in claim 
1, wherein one of the components comprises an operating system. 

8. (Original) A system comprising: 

a plurality of node clusters, each node cluster including a plurality of nodes; 
and 

wherein each individual node includes a controller to enforce restrictions on 
which other nodes the individual node can receive data from and which other 
nodes the individual node can send data to. 

9. (Original) A system as recited in claim 8, wherein each individual 
node further includes a plurality of filters that identify the restrictions. 

10. (Original) A system as recited in claim 8, wherein the restrictions 
prevent the individual node from sending data to or receiving data from another 
node that is not in the same node cluster as the individual node. 

11. (Original) A system as recited in claim 8, wherein each individual 
node includes a network interface adapter that includes the controller. 

12. (Original) A system as recited in claim 8, wherein for each of the 
plurality of nodes: 

a plurality of management devices share management responsibility for the 
node; and 

one of the plurality of management devices is given an extended set of 
management rights over the node, and the remaining management devices are given 
a more restricted set of management rights over the node. 

13. (Original) A system as recited in claim 8, wherein the controller in 
each node is further to terminate and initiate execution of applications on the node 
in response to requests from an external management device. 

14. (Original) A system as recited in claim 8, wherein the plurality of 
node clusters are included in a co-location facility. 

15. (Original) A method comprising: 

receiving, at a node in a co-location facility, a first request from a first 
control console that is local to the co-location facility; 
implementing the first request; 

receiving, at the node, a second request from a second control console that 
is remote from the co-location facility; and 
implementing the second request. 

16. (Original) A method as recited in claim 15, wherein the first request 
comprises hardware operation oriented commands. 

17. (Original) A method as recited in claim 15, wherein the second 
request comprises software application control oriented commands. 

18. (Original) A method as recited in claim 15, wherein the first request 
corresponds to one of a first set of rights that are granted to the first control 
console, wherein the second request corresponds to one of a second set of rights 
that are granted to the second control console, and wherein the first set of rights is 
more restricted than the second set of rights. 

19. (Original) One or more computer-readable memories containing a 
computer program that is executable by a processor to perform the method recited 
in claim 15. 

20. (Original) One or more computer-readable media having stored 
thereon a computer program that, when executed by one or more processors of a 
node in a facility, causes the one or more processors to perform acts including: 

establishing a boundary of a server cluster in the facility, wherein the server 
cluster includes the node; and 

altering the boundary of the server cluster based on commands received 
from a console outside the server cluster. 

21. (Original) One or more computer-readable media as recited in claim 
20, wherein the establishing comprises including a filter that restricts access to 
another node that is in the facility but that is not in the server cluster. 

22. (Original) One or more computer-readable media as recited in claim 
20, wherein the establishing comprises generating a plurality of filters identifying 
only other nodes in the server cluster as being permissible to access. 

23. (Original) One or more computer-readable media as recited in claim 
20, wherein the computer program, when executed, further causes the one or more 
processors to perform acts including executing a software engine in response to a 
command received from the console. 

24. (Original) One or more computer-readable media as recited in claim 
20, wherein the computer program, when executed, further causes the one or more 
processors to perform acts including terminating execution of a software engine in 
response to a command received from the console. 

25. (Original) One or more computer-readable media as recited in claim 
20, wherein the facility comprises a co-location facility. 

26. (Original) A system comprising: 

an interface allowing management devices corresponding to a plurality of 
management agents responsible for managing the system to access the system; and 

a controller to operate as a trusted third party mediating interaction among 
the plurality of management agents by assigning each of the plurality of 
management agents to a different one of a plurality of ownership domains and 
restricting the rights of each ownership domain in the system. 

27. (Original) A system as recited in claim 26, wherein the controller is 
further to terminate execution of a software engine in the system in response to a 
request from a management device corresponding to one of the plurality of 
management agents. 

28. (Original) A system as recited in claim 26, wherein the controller is 
further to initiate execution of a software engine in the system in response to a 
request from a management device corresponding to one of the plurality of 
management agents. 

29. (Original) A system as recited in claim 26, wherein one of the 
plurality of ownership domains is a top-level ownership domain having a first set 
of rights, and wherein each of the other ownership domains in the plurality of 
ownership domains has a second set of rights. 

30. (Original) A system as recited in claim 29, wherein the second set 
of rights is more restrictive than the first set of rights. 

31. (Original) A system as recited in claim 29, wherein the first set of 
rights includes: the right to create new ownership domains, the right to access 
system memory, the right to access a mass storage device of the system, the right 
to modify filters in the system, the right to start execution of software engines in 
the system, the right to stop execution of software engines in the system, the right 
to debug software engines in the system, the right to change authentication 
credentials for the ownership domain, the right to modify a storage key for the 
ownership domain, and the right to subscribe to events engine events, machine 
events, and packet filter events at the system. 

32. (Original) A system as recited in claim 29, wherein the second set 
of rights includes: the right to revoke an existing ownership domain, the right to 
modify filters in the system, the right to change authentication credentials for the 
ownership domain, and the right to subscribe to machine events and packet filter 
events at the system. 

33. (Original) A system as recited in claim 29, wherein the first set of 
rights includes: the right to create new ownership domains, the right to access 
system memory, the right to access a mass storage device of the system, and the 
right to modify filters in the system. 

34. (Original) A system as recited in claim 29, wherein the second set 
of rights includes: the right to revoke an existing ownership domain and the right 
to modify filters in the system, including the right to add a filter that cannot be 
subverted by a management agent assigned to the top-level ownership domain. 

35. (Original) A system as recited in claim 29, wherein the controller 
allows a device corresponding to any one of the other ownership domains to 
revoke the top-level ownership domain, and wherein the controller erases a system 
memory during the revocation process. 

36. (Original) A system as recited in claim 26, wherein only one of the 
plurality of management agents can correspond to a top-level ownership domain at 
a time, and wherein any of the other management agents can revoke the top-level 
ownership domain. 

37. (Original) A system as recited in claim 26, wherein only one of the 
plurality of management agents can correspond to a top-level ownership domain at 
a time, and wherein the one management agent can create a new ownership 
domain for a new management agent, and wherein the new ownership domain 
becomes the new top-level ownership domain. 

38. (Original) A system as recited in claim 26, wherein only one of the 
plurality of management agents can correspond to a top-level ownership domain at 
a time, wherein which of the plurality of management agents corresponds to the 
top-level ownership domain at any given time can vary over time, and wherein the 
controller erases a system memory each time a change occurs in which of the 
plurality of management agents corresponds to the top-level ownership domain. 

39. (Original) A system as recited in claim 26, wherein the system 
comprises a node in a co-location facility. 

40. (Original) A method comprising: 

associating each of a plurality of management agents with one of a plurality 
of ownership domains, wherein each of the plurality of management agents is 
responsible for managing at least a portion of a computer and is external to the 
computer; 

allowing only one of the plurality of management agents to have an 
extended set of rights to the computer at a time, and assigning the remaining 
management devices a more limited set of rights; and 

restricting which requests from management devices corresponding to the 
plurality of management agents are carried out based at least in part on the rights 
of the management agent. 

41. (Original) A method as recited in claim 40, where each of the 
plurality of management agents corresponds to one or more management devices 
that are coupled to the computer. 

42. (Original) A method as recited in claim 40, wherein the extended set 
of rights includes: the right to create new ownership domains, the right to access 
system memory, the right to access a mass storage device of the system, the right 
to modify filters in the system, the right to start execution of software engines in 
the system, the right to stop execution of software engines in the system, the right 
to debug software engines in the system, the right to change authentication 
credentials for the ownership domain, the right to modify a storage key for the 
ownership domain, and the right to subscribe to events engine events, machine 
events, and packet filter events at the system. 

43. (Original) A method as recited in claim 40, wherein the more 
limited set of rights includes: the right to revoke an existing ownership domain, 
the right to modify filters in the system, the right to change authentication 
credentials for the ownership domain, and the right to subscribe to machine events 
and packet filter events at the system. 

44. (Original) A method as recited in claim 40, wherein the extended set 
of rights includes: the right to create new ownership domains, the right to access 
system memory, the right to access a mass storage device of the system, and the 
right to modify filters in the system. 

45. (Original) A method as recited in claim 40, wherein the more 
limited set of rights includes: the right to revoke an existing ownership domain 
and the right to modify filters in the system, including the right to add a filter that 
cannot be subverted by a management agent assigned to the top-level ownership 
domain. 

46. (Original) A method as recited in claim 40, wherein the one 
management agent corresponds to a top-level ownership domain, and wherein any 
of the other management agents can revoke the rights of the one management 
agent. 

47. (Original) A method as recited in claim 40, further comprising: 

assigning, by the one management agent having the extended set of rights, 
the extended set of rights to a new management agent; 

assigning the one management agent to having the more limited set of 
rights. 

48. (Original) A method as recited in claim 40, further comprising: 

allowing which of the plurality of management agents has the extended set 
of rights to change over time; and 

erasing a system memory each time a change occurs in which of the 
plurality of management agents has the extended set of rights. 

49. (Original) A method as recited in claim 40, further comprising 
terminating execution of a software engine in the computer in response to a 
request from a management device corresponding to the one management agent 
having the extended set of rights. 

50. (Original) A method as recited in claim 40, further comprising 
initiating execution of a software engine in the computer in response to a request 
from a management device corresponding to the one management agent having the 
extended set of rights. 

51. (Original) A method as recited in claim 40, wherein the computer 
comprises a node in a co-location facility. 

52. (Original) One or more computer-readable memories containing a 
computer program that is executable by a processor to perform the method recited 
in claim 40. 
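
The ownership-domain arrangement recited in claims 26 through 38 and 40 can be modeled in a few lines. The following is an added illustration, not part of the application or of any implementation by the applicant; every name in it is hypothetical, and the choice to keep domains in a stack (so that revoking the top-level domain returns extended rights to the previous one) is an assumption of the sketch.

```python
# Added illustration of the ownership-domain model in claims 26-38 and 40.
# All names are hypothetical; the domain stack is an assumption of this sketch.
EXTENDED = frozenset({  # rights of the top-level domain, per claim 31
    "create_domain", "access_memory", "access_storage", "modify_filters",
    "start_engine", "stop_engine", "debug_engine", "change_credentials",
    "modify_storage_key", "subscribe_engine_events",
    "subscribe_machine_events", "subscribe_packet_filter_events"})
LIMITED = frozenset({  # rights of every other domain, per claim 32
    "revoke_domain", "modify_filters", "change_credentials",
    "subscribe_machine_events", "subscribe_packet_filter_events"})

class Controller:
    """Trusted third party mediating between management agents (claim 26)."""
    def __init__(self, first_agent):
        self.domains = [first_agent]  # last entry is the top-level domain
        self.memory = bytearray(b"constructed sample contents")
        self.erasures = 0

    def top(self):
        return self.domains[-1]

    def rights(self, agent):
        if agent not in self.domains:
            return frozenset()  # unknown agents have no rights at all
        return EXTENDED if agent == self.top() else LIMITED

    def _erase_memory(self):  # claim 38: wipe on every top-level change
        self.memory[:] = bytes(len(self.memory))
        self.erasures += 1

    def request(self, agent, right, new_agent=None):
        """Carry out a request only if the agent's domain holds the right."""
        if right not in self.rights(agent) or (right == "create_domain" and not new_agent):
            return False
        if right == "create_domain":  # claim 37: new domain becomes top-level
            self.domains.append(new_agent)
            self._erase_memory()
        elif right == "revoke_domain":  # claim 36: others may revoke the top
            self.domains.pop()
            self._erase_memory()
        return True

def demo():
    c = Controller("facility_operator")
    results = [c.request("facility_operator", "create_domain", "tenant"),
               c.request("facility_operator", "access_memory"),
               c.request("tenant", "access_memory"),
               c.request("tenant", "revoke_domain"),
               c.request("facility_operator", "revoke_domain")]
    return results, c.top(), c.erasures, bytes(c.memory)
```

In the run above, the facility operator loses memory access once the tenant's domain becomes top-level, yet keeps the right to revoke it, and memory is zeroed at both ownership changes.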






Application No. 09/695,820 



